• Home
  • Raw
  • Download

Lines Matching full:boringssl

1 # Porting from OpenSSL to BoringSSL
3 BoringSSL is an OpenSSL derivative and is mostly source-compatible, for the
5 BoringSSL support, provided they do not use removed APIs. In general, see if the
9 BoringSSL's `OPENSSL_VERSION_NUMBER` matches the OpenSSL version it targets.
10 Version checks for OpenSSL should ideally work as-is in BoringSSL. BoringSSL
17 In some cases, BoringSSL-specific code may be necessary. Use the
19 the BoringSSL maintainers about the missing APIs. We will typically add
20 compatibility functions for convenience. In particular, *contact BoringSSL
21 maintainers before working around missing OpenSSL 1.1.0 accessors*. BoringSSL
24 been ported to OpenSSL 1.1.0, so BoringSSL also remains largely compatible with
28 BoringSSL in configure scripts. Do not use the presence or absence of particular
29 symbols to detect BoringSSL.
31 Note: BoringSSL does *not* have a stable API or ABI. It must be updated with its
34 BoringSSL it was built against. Likewise, Android's system-internal copy of
35 BoringSSL is not exposed by the NDK and must not be used by third-party
46 code continues to compile. In some cases, this may require BoringSSL-specific
56 exist in BoringSSL. Instead, code which increments reference counts should call
59 BoringSSL also hides some structs which were previously exposed in OpenSSL
70 logic in BoringSSL has been rewritten, code which conditions on the error may
75 BoringSSL `#ifdef` may be necessary. Exactly how best to resolve this issue is
80 BoringSSL.
90 In BoringSSL, these macros have been replaced with proper functions. The
98 OpenSSL and BoringSSL. Note that BoringSSL's function versions will be
116 disabled, BoringSSL-specific codepaths may be necessary.
122 feature, so BoringSSL rejects peer renegotiations by default.
154   may change, BoringSSL will not re-verify the certificate on a renegotiation.
160 BoringSSL's `BN_bn2hex` function uses lowercase hexadecimal digits instead of
172 always) reuse that object rather than allocating a new one. In BoringSSL, these
179 Note that less error-prone APIs are available for BoringSSL-specific code (see
190 In BoringSSL, these functions maintain additional book-keeping to zero memory
193 ## Optional BoringSSL-specific simplifications
195 BoringSSL makes some changes to OpenSSL which simplify the API but remain
196 compatible with OpenSSL consumers. In general, consult the BoringSSL
197 documentation for any functions in new BoringSSL-only code.
201 Most OpenSSL APIs return 1 on success and either 0 or -1 on failure. BoringSSL
202 has narrowed most of these to 1 on success and 0 on failure. BoringSSL-specific
210 BoringSSL for convenience, but they do nothing and are not necessary.
221 these does nothing in BoringSSL. Instead, BoringSSL calls pthreads and the
227 BoringSSL is in the process of deprecating OpenSSL's `d2i` and `i2d` in favor of
229 BoringSSL-only code should use those functions where available.
264 …uivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
286 …uivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
287 …uivalent, but [*do not use this function*](https://freakattack.com/). (It is a no-op in BoringSSL.)
291 In some places, BoringSSL has added significant APIs. Use of these APIs goes beyound “porting” and …
293 …ed: the [CBS and CBB](https://commondatastorage.googleapis.com/chromium-boringssl-docs/bytestring.…
299 A [`CRYPTO_BUFFER`](https://commondatastorage.googleapis.com/chromium-boringssl-docs/pool.h.html) i…
303 …icates`. (See [ssl.h](https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html)…
307 … the OpenSSL X.509 and ASN.1 code should be eliminated by the linker if BoringSSL is linked static…
311 …ly removed from BoringSSL, it is still possible to support opaque keys in this way. However, when …